deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-13 05:47:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge branch 'dansimp-new-security-toc' of https://github.com/MicrosoftDocs/windows-docs-pr into dansimp-new-security-toc

Browse Source
This commit is contained in:
denisebmsft 2021-09-16 15:14:37 -07:00
commit a3de97efb2
4 changed files with 1189 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

76
windows/security/TOC.yml
View File

@ -125,7 +125,11 @@
- name: Decode Measured Boot logs to track PCR changes - name: Decode Measured Boot logs to track PCR changes
href: information-protection/bitlocker/ts-bitlocker-decode-measured-boot-logs.md href: information-protection/bitlocker/ts-bitlocker-decode-measured-boot-logs.md
- name: Configure S/MIME for Windows - name: Configure S/MIME for Windows
href: identity-protection/configure-s-mime.md href: identity-protection/configure-s-mime.md
- name: Security policy settings
href: threat-protection/security-policy-settings/security-policy-settings.md
- name: Security auditing
href: threat-protection/auditing/security-auditing-overview.md
- name: Windows Information Protection (WIP) - name: Windows Information Protection (WIP)
href: information-protection/windows-information-protection/protect-enterprise-data-using-wip.md href: information-protection/windows-information-protection/protect-enterprise-data-using-wip.md
items: items:
@ -173,6 +177,21 @@
href: information-protection/windows-information-protection/using-owa-with-wip.md href: information-protection/windows-information-protection/using-owa-with-wip.md
- name: Fine-tune WIP Learning - name: Fine-tune WIP Learning
href: information-protection/windows-information-protection/wip-learning.md href: information-protection/windows-information-protection/wip-learning.md
- name: Windows security baselines
href: threat-protection/windows-security-configuration-framework/windows-security-baselines.md
items:
- name: Security Compliance Toolkit
href: threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md
- name: Get support
href: threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md
- name: More Windows security
items:
- name: Override Process Mitigation Options to help enforce app-related security policies
href: threat-protection/override-mitigation-options-for-app-related-security-policies.md
- name: Use Windows Event Forwarding to help with intrusion detection
href: threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md
- name: Block untrusted fonts in an enterprise
href: threat-protection/block-untrusted-fonts-in-enterprise.md
- name: Network security - name: Network security
items: items:
- name: VPN technical guide - name: VPN technical guide
@ -220,6 +239,61 @@
href: https://docs.microsoft.com/microsoft-365/security/defender-endpoint/exploit-protection href: https://docs.microsoft.com/microsoft-365/security/defender-endpoint/exploit-protection
- name: Microsoft Defender for Endpoint - name: Microsoft Defender for Endpoint
href: https://docs.microsoft.com/microsoft-365/security/defender-endpoint href: https://docs.microsoft.com/microsoft-365/security/defender-endpoint
- name: Security intelligence
href: threat-protection/intelligence/index.md
items:
- name: Understand malware & other threats
href: threat-protection/intelligence/understanding-malware.md
items:
- name: Prevent malware infection
href: threat-protection/intelligence/prevent-malware-infection.md
- name: Malware names
href: threat-protection/intelligence/malware-naming.md
- name: Coin miners
href: threat-protection/intelligence/coinminer-malware.md
- name: Exploits and exploit kits
href: threat-protection/intelligence/exploits-malware.md
- name: Fileless threats
href: threat-protection/intelligence/fileless-threats.md
- name: Macro malware
href: threat-protection/intelligence/macro-malware.md
- name: Phishing
href: threat-protection/intelligence/phishing.md
- name: Ransomware
href: /security/compass/human-operated-ransomware
- name: Rootkits
href: threat-protection/intelligence/rootkits-malware.md
- name: Supply chain attacks
href: threat-protection/intelligence/supply-chain-malware.md
- name: Tech support scams
href: threat-protection/intelligence/support-scams.md
- name: Trojans
href: threat-protection/intelligence/trojans-malware.md
- name: Unwanted software
href: threat-protection/intelligence/unwanted-software.md
- name: Worms
href: threat-protection/intelligence/worms-malware.md
- name: How Microsoft identifies malware and PUA
href: threat-protection/intelligence/criteria.md
- name: Submit files for analysis
href: threat-protection/intelligence/submission-guide.md
- name: Safety Scanner download
href: threat-protection/intelligence/safety-scanner-download.md
- name: Industry collaboration programs
href: threat-protection/intelligence/cybersecurity-industry-partners.md
items:
- name: Virus information alliance
href: threat-protection/intelligence/virus-information-alliance-criteria.md
- name: Microsoft virus initiative
href: threat-protection/intelligence/virus-initiative-criteria.md
- name: Coordinated malware eradication
href: threat-protection/intelligence/coordinated-malware-eradication.md
- name: Information for developers
items:
- name: Software developer FAQ
href: threat-protection/intelligence/developer-faq.yml
- name: Software developer resources
href: threat-protection/intelligence/developer-resources.md
- name: Application security - name: Application security
href: apps.md href: apps.md
items: items:

1
windows/security/operating-system.md
View File

@ -41,4 +41,3 @@ Windows Security app | The Windows built-in security application found in setitn
| Exploit protection | Learn more about [Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection). | | Exploit protection | Learn more about [Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection). |
| Microsoft Defender for Endpoint | Learn more about [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint). | | Microsoft Defender for Endpoint | Learn more about [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint). |
<!-- DanSimp to follow on on Bluetooth, Domain Name System (DNS) security, Windows Wi-Fi, Transport Layer Security (TLS)-->

765
windows/security/threat-protection/auditing/TOC.yml Normal file
View File

@ -0,0 +1,765 @@
- name: Security auditing
href: security-auditing-overview.md
items:
- name: Basic security audit policies
href: basic-security-audit-policies.md
items:
- name: Create a basic audit policy for an event category
href: create-a-basic-audit-policy-settings-for-an-event-category.md
- name: Apply a basic audit policy on a file or folder
href: apply-a-basic-audit-policy-on-a-file-or-folder.md
- name: View the security event log
href: view-the-security-event-log.md
- name: Basic security audit policy settings
href: basic-security-audit-policy-settings.md
items:
- name: Audit account logon events
href: basic-audit-account-logon-events.md
- name: Audit account management
href: basic-audit-account-management.md
- name: Audit directory service access
href: basic-audit-directory-service-access.md
- name: Audit logon events
href: basic-audit-logon-events.md
- name: Audit object access
href: basic-audit-object-access.md
- name: Audit policy change
href: basic-audit-policy-change.md
- name: Audit privilege use
href: basic-audit-privilege-use.md
- name: Audit process tracking
href: basic-audit-process-tracking.md
- name: Audit system events
href: basic-audit-system-events.md
- name: Advanced security audit policies
href: advanced-security-auditing.md
items:
- name: Planning and deploying advanced security audit policies
href: planning-and-deploying-advanced-security-audit-policies.md
- name: Advanced security auditing FAQ
href: advanced-security-auditing-faq.yml
items:
- name: Which editions of Windows support advanced audit policy configuration
href: which-editions-of-windows-support-advanced-audit-policy-configuration.md
- name: How to list XML elements in \<EventData>
href: how-to-list-xml-elements-in-eventdata.md
- name: Using advanced security auditing options to monitor dynamic access control objects
href: using-advanced-security-auditing-options-to-monitor-dynamic-access-control-objects.md
items:
- name: Monitor the central access policies that apply on a file server
href: monitor-the-central-access-policies-that-apply-on-a-file-server.md
- name: Monitor the use of removable storage devices
href: monitor-the-use-of-removable-storage-devices.md
- name: Monitor resource attribute definitions
href: monitor-resource-attribute-definitions.md
- name: Monitor central access policy and rule definitions
href: monitor-central-access-policy-and-rule-definitions.md
- name: Monitor user and device claims during sign-in
href: monitor-user-and-device-claims-during-sign-in.md
- name: Monitor the resource attributes on files and folders
href: monitor-the-resource-attributes-on-files-and-folders.md
- name: Monitor the central access policies associated with files and folders
href: monitor-the-central-access-policies-associated-with-files-and-folders.md
- name: Monitor claim types
href: monitor-claim-types.md
- name: Advanced security audit policy settings
href: advanced-security-audit-policy-settings.md
items:
- name: Audit Credential Validation
href: audit-credential-validation.md
- name: "Event 4774 S, F: An account was mapped for logon."
href: event-4774.md
- name: "Event 4775 F: An account could not be mapped for logon."
href: event-4775.md
- name: "Event 4776 S, F: The computer attempted to validate the credentials for an account."
href: event-4776.md
- name: "Event 4777 F: The domain controller failed to validate the credentials for an account."
href: event-4777.md
- name: Audit Kerberos Authentication Service
href: audit-kerberos-authentication-service.md
items:
- name: "Event 4768 S, F: A Kerberos authentication ticket, TGT, was requested."
href: event-4768.md
- name: "Event 4771 F: Kerberos pre-authentication failed."
href: event-4771.md
- name: "Event 4772 F: A Kerberos authentication ticket request failed."
href: event-4772.md
- name: Audit Kerberos Service Ticket Operations
href: audit-kerberos-service-ticket-operations.md
items:
- name: "Event 4769 S, F: A Kerberos service ticket was requested."
href: event-4769.md
- name: "Event 4770 S: A Kerberos service ticket was renewed."
href: event-4770.md
- name: "Event 4773 F: A Kerberos service ticket request failed."
href: event-4773.md
- name: Audit Other Account Logon Events
href: audit-other-account-logon-events.md
- name: Audit Application Group Management
href: audit-application-group-management.md
- name: Audit Computer Account Management
href: audit-computer-account-management.md
items:
- name: "Event 4741 S: A computer account was created."
href: event-4741.md
- name: "Event 4742 S: A computer account was changed."
href: event-4742.md
- name: "Event 4743 S: A computer account was deleted."
href: event-4743.md
- name: Audit Distribution Group Management
href: audit-distribution-group-management.md
items:
- name: "Event 4749 S: A security-disabled global group was created."
href: event-4749.md
- name: "Event 4750 S: A security-disabled global group was changed."
href: event-4750.md
- name: "Event 4751 S: A member was added to a security-disabled global group."
href: event-4751.md
- name: "Event 4752 S: A member was removed from a security-disabled global group."
href: event-4752.md
- name: "Event 4753 S: A security-disabled global group was deleted."
href: event-4753.md
- name: Audit Other Account Management Events
href: audit-other-account-management-events.md
items:
- name: "Event 4782 S: The password hash of an account was accessed."
href: event-4782.md
- name: "Event 4793 S: The Password Policy Checking API was called."
href: event-4793.md
- name: Audit Security Group Management
href: audit-security-group-management.md
items:
- name: "Event 4731 S: A security-enabled local group was created."
href: event-4731.md
- name: "Event 4732 S: A member was added to a security-enabled local group."
href: event-4732.md
- name: "Event 4733 S: A member was removed from a security-enabled local group."
href: event-4733.md
- name: "Event 4734 S: A security-enabled local group was deleted."
href: event-4734.md
- name: "Event 4735 S: A security-enabled local group was changed."
href: event-4735.md
- name: "Event 4764 S: A group<75>s type was changed."
href: event-4764.md
- name: "Event 4799 S: A security-enabled local group membership was enumerated."
href: event-4799.md
- name: Audit User Account Management
href: audit-user-account-management.md
items:
- name: "Event 4720 S: A user account was created."
href: event-4720.md
- name: "Event 4722 S: A user account was enabled."
href: event-4722.md
- name: "Event 4723 S, F: An attempt was made to change an account's password."
href: event-4723.md
- name: "Event 4724 S, F: An attempt was made to reset an account's password."
href: event-4724.md
- name: "Event 4725 S: A user account was disabled."
href: event-4725.md
- name: "Event 4726 S: A user account was deleted."
href: event-4726.md
- name: "Event 4738 S: A user account was changed."
href: event-4738.md
- name: "Event 4740 S: A user account was locked out."
href: event-4740.md
- name: "Event 4765 S: SID History was added to an account."
href: event-4765.md
- name: "Event 4766 F: An attempt to add SID History to an account failed."
href: event-4766.md
- name: "Event 4767 S: A user account was unlocked."
href: event-4767.md
- name: "Event 4780 S: The ACL was set on accounts that are members of administrators groups."
href: event-4780.md
- name: "Event 4781 S: The name of an account was changed."
href: event-4781.md
- name: "Event 4794 S, F: An attempt was made to set the Directory Services Restore Mode administrator password."
href: event-4794.md
- name: "Event 4798 S: A user's local group membership was enumerated."
href: event-4798.md
- name: "Event 5376 S: Credential Manager credentials were backed up."
href: event-5376.md
- name: "Event 5377 S: Credential Manager credentials were restored from a backup."
href: event-5377.md
- name: Audit DPAPI Activity
href: audit-dpapi-activity.md
items:
- name: "Event 4692 S, F: Backup of data protection master key was attempted."
href: event-4692.md
- name: "Event 4693 S, F: Recovery of data protection master key was attempted."
href: event-4693.md
- name: "Event 4694 S, F: Protection of auditable protected data was attempted."
href: event-4694.md
- name: "Event 4695 S, F: Unprotection of auditable protected data was attempted."
href: event-4695.md
- name: Audit PNP Activity
href: audit-pnp-activity.md
items:
- name: "Event 6416 S: A new external device was recognized by the System."
href: event-6416.md
- name: "Event 6419 S: A request was made to disable a device."
href: event-6419.md
- name: "Event 6420 S: A device was disabled."
href: event-6420.md
- name: "Event 6421 S: A request was made to enable a device."
href: event-6421.md
- name: "Event 6422 S: A device was enabled."
href: event-6422.md
- name: "Event 6423 S: The installation of this device is forbidden by system policy."
href: event-6423.md
- name: "Event 6424 S: The installation of this device was allowed, after having previously been forbidden by policy."
href: event-6424.md
- name: Audit Process Creation
href: audit-process-creation.md
items:
- name: "Event 4688 S: A new process has been created."
href: event-4688.md
- name: "Event 4696 S: A primary token was assigned to process."
href: event-4696.md
- name: Audit Process Termination
href: audit-process-termination.md
items:
- name: "Event 4689 S: A process has exited."
href: event-4689.md
- name: Audit RPC Events
href: audit-rpc-events.md
items:
- name: "Event 5712 S: A Remote Procedure Call, RPC, was attempted."
href: event-5712.md
- name: Audit Token Right Adjusted
href: audit-token-right-adjusted.md
items:
- name: "Event 4703 S: A user right was adjusted."
href: event-4703.md
- name: Audit Detailed Directory Service Replication
href: audit-detailed-directory-service-replication.md
items:
- name: "Event 4928 S, F: An Active Directory replica source naming context was established."
href: event-4928.md
- name: "Event 4929 S, F: An Active Directory replica source naming context was removed."
href: event-4929.md
- name: "Event 4930 S, F: An Active Directory replica source naming context was modified."
href: event-4930.md
- name: "Event 4931 S, F: An Active Directory replica destination naming context was modified."
href: event-4931.md
- name: "Event 4934 S: Attributes of an Active Directory object were replicated."
href: event-4934.md
- name: "Event 4935 F: Replication failure begins."
href: event-4935.md
- name: "Event 4936 S: Replication failure ends."
href: event-4936.md
- name: "Event 4937 S: A lingering object was removed from a replica."
href: event-4937.md
- name: Audit Directory Service Access
href: audit-directory-service-access.md
items:
- name: "Event 4662 S, F: An operation was performed on an object."
href: event-4662.md
- name: "Event 4661 S, F: A handle to an object was requested."
href: event-4661.md
- name: Audit Directory Service Changes
href: audit-directory-service-changes.md
items:
- name: "Event 5136 S: A directory service object was modified."
href: event-5136.md
- name: "Event 5137 S: A directory service object was created."
href: event-5137.md
- name: "Event 5138 S: A directory service object was undeleted."
href: event-5138.md
- name: "Event 5139 S: A directory service object was moved."
href: event-5139.md
- name: "Event 5141 S: A directory service object was deleted."
href: event-5141.md
- name: Audit Directory Service Replication
href: audit-directory-service-replication.md
items:
- name: "Event 4932 S: Synchronization of a replica of an Active Directory naming context has begun."
href: event-4932.md
- name: "Event 4933 S, F: Synchronization of a replica of an Active Directory naming context has ended."
href: event-4933.md
- name: Audit Account Lockout
href: audit-account-lockout.md
items:
- name: "Event 4625 F: An account failed to log on."
href: event-4625.md
- name: Audit User/Device Claims
href: audit-user-device-claims.md
items:
- name: "Event 4626 S: User/Device claims information."
href: event-4626.md
- name: Audit Group Membership
href: audit-group-membership.md
items:
- name: "Event 4627 S: Group membership information."
href: event-4627.md
- name: Audit IPsec Extended Mode
href: audit-ipsec-extended-mode.md
- name: Audit IPsec Main Mode
href: audit-ipsec-main-mode.md
- name: Audit IPsec Quick Mode
href: audit-ipsec-quick-mode.md
- name: Audit Logoff
href: audit-logoff.md
items:
- name: "Event 4634 S: An account was logged off."
href: event-4634.md
- name: "Event 4647 S: User initiated logoff."
href: event-4647.md
- name: Audit Logon
href: audit-logon.md
items:
- name: "Event 4624 S: An account was successfully logged on."
href: event-4624.md
- name: "Event 4625 F: An account failed to log on."
href: event-4625.md
- name: "Event 4648 S: A logon was attempted using explicit credentials."
href: event-4648.md
- name: "Event 4675 S: SIDs were filtered."
href: event-4675.md
- name: Audit Network Policy Server
href: audit-network-policy-server.md
- name: Audit Other Logon/Logoff Events
href: audit-other-logonlogoff-events.md
items:
- name: "Event 4649 S: A replay attack was detected."
href: event-4649.md
- name: "Event 4778 S: A session was reconnected to a Window Station."
href: event-4778.md
- name: "Event 4779 S: A session was disconnected from a Window Station."
href: event-4779.md
- name: "Event 4800 S: The workstation was locked."
href: event-4800.md
- name: "Event 4801 S: The workstation was unlocked."
href: event-4801.md
- name: "Event 4802 S: The screen saver was invoked."
href: event-4802.md
- name: "Event 4803 S: The screen saver was dismissed."
href: event-4803.md
- name: "Event 5378 F: The requested credentials delegation was disallowed by policy."
href: event-5378.md
- name: "Event 5632 S, F: A request was made to authenticate to a wireless network."
href: event-5632.md
- name: "Event 5633 S, F: A request was made to authenticate to a wired network."
href: event-5633.md
- name: Audit Special Logon
href: audit-special-logon.md
items:
- name: "Event 4964 S: Special groups have been assigned to a new logon."
href: event-4964.md
- name: "Event 4672 S: Special privileges assigned to new logon."
href: event-4672.md
- name: Audit Application Generated
href: audit-application-generated.md
- name: Audit Certification Services
href: audit-certification-services.md
- name: Audit Detailed File Share
href: audit-detailed-file-share.md
items:
- name: "Event 5145 S, F: A network share object was checked to see whether client can be granted desired access."
href: event-5145.md
- name: Audit File Share
href: audit-file-share.md
items:
- name: "Event 5140 S, F: A network share object was accessed."
href: event-5140.md
- name: "Event 5142 S: A network share object was added."
href: event-5142.md
- name: "Event 5143 S: A network share object was modified."
href: event-5143.md
- name: "Event 5144 S: A network share object was deleted."
href: event-5144.md
- name: "Event 5168 F: SPN check for SMB/SMB2 failed."
href: event-5168.md
- name: Audit File System
href: audit-file-system.md
items:
- name: "Event 4656 S, F: A handle to an object was requested."
href: event-4656.md
- name: "Event 4658 S: The handle to an object was closed."
href: event-4658.md
- name: "Event 4660 S: An object was deleted."
href: event-4660.md
- name: "Event 4663 S: An attempt was made to access an object."
href: event-4663.md
- name: "Event 4664 S: An attempt was made to create a hard link."
href: event-4664.md
- name: "Event 4985 S: The state of a transaction has changed."
href: event-4985.md
- name: "Event 5051: A file was virtualized."
href: event-5051.md
- name: "Event 4670 S: Permissions on an object were changed."
href: event-4670.md
- name: Audit Filtering Platform Connection
href: audit-filtering-platform-connection.md
items:
- name: "Event 5031 F: The Windows Firewall Service blocked an application from accepting incoming connections on the network."
href: event-5031.md
- name: "Event 5150: The Windows Filtering Platform blocked a packet."
href: event-5150.md
- name: "Event 5151: A more restrictive Windows Filtering Platform filter has blocked a packet."
href: event-5151.md
- name: "Event 5154 S: The Windows Filtering Platform has permitted an application or service to listen on a port for incoming connections."
href: event-5154.md
- name: "Event 5155 F: The Windows Filtering Platform has blocked an application or service from listening on a port for incoming connections."
href: event-5155.md
- name: "Event 5156 S: The Windows Filtering Platform has permitted a connection."
href: event-5156.md
- name: "Event 5157 F: The Windows Filtering Platform has blocked a connection."
href: event-5157.md
- name: "Event 5158 S: The Windows Filtering Platform has permitted a bind to a local port."
href: event-5158.md
- name: "Event 5159 F: The Windows Filtering Platform has blocked a bind to a local port."
href: event-5159.md
- name: Audit Filtering Platform Packet Drop
href: audit-filtering-platform-packet-drop.md
items:
- name: "Event 5152 F: The Windows Filtering Platform blocked a packet."
href: event-5152.md
- name: "Event 5153 S: A more restrictive Windows Filtering Platform filter has blocked a packet."
href: event-5153.md
- name: Audit Handle Manipulation
href: audit-handle-manipulation.md
items:
- name: "Event 4690 S: An attempt was made to duplicate a handle to an object."
href: event-4690.md
- name: Audit Kernel Object
href: audit-kernel-object.md
items:
- name: "Event 4656 S, F: A handle to an object was requested."
href: event-4656.md
- name: "Event 4658 S: The handle to an object was closed."
href: event-4658.md
- name: "Event 4660 S: An object was deleted."
href: event-4660.md
- name: "Event 4663 S: An attempt was made to access an object."
href: event-4663.md
- name: Audit Other Object Access Events
href: audit-other-object-access-events.md
items:
- name: "Event 4671: An application attempted to access a blocked ordinal through the TBS."
href: event-4671.md
- name: "Event 4691 S: Indirect access to an object was requested."
href: event-4691.md
- name: "Event 5148 F: The Windows Filtering Platform has detected a DoS attack and entered a defensive mode; packets associated with this attack will be discarded."
href: event-5148.md
- name: "Event 5149 F: The DoS attack has subsided and normal processing is being resumed."
href: event-5149.md
- name: "Event 4698 S: A scheduled task was created."
href: event-4698.md
- name: "Event 4699 S: A scheduled task was deleted."
href: event-4699.md
- name: "Event 4700 S: A scheduled task was enabled."
href: event-4700.md
- name: "Event 4701 S: A scheduled task was disabled."
href: event-4701.md
- name: "Event 4702 S: A scheduled task was updated."
href: event-4702.md
- name: "Event 5888 S: An object in the COM+ Catalog was modified."
href: event-5888.md
- name: "Event 5889 S: An object was deleted from the COM+ Catalog."
href: event-5889.md
- name: "Event 5890 S: An object was added to the COM+ Catalog."
href: event-5890.md
- name: Audit Registry
href: audit-registry.md
items:
- name: "Event 4663 S: An attempt was made to access an object."
href: event-4663.md
- name: "Event 4656 S, F: A handle to an object was requested."
href: event-4656.md
- name: "Event 4658 S: The handle to an object was closed."
href: event-4658.md
- name: "Event 4660 S: An object was deleted."
href: event-4660.md
- name: "Event 4657 S: A registry value was modified."
href: event-4657.md
- name: "Event 5039: A registry key was virtualized."
href: event-5039.md
- name: "Event 4670 S: Permissions on an object were changed."
href: event-4670.md
- name: Audit Removable Storage
href: audit-removable-storage.md
- name: Audit SAM
href: audit-sam.md
items:
- name: "Event 4661 S, F: A handle to an object was requested."
href: event-4661.md
- name: Audit Central Access Policy Staging
href: audit-central-access-policy-staging.md
items:
- name: "Event 4818 S: Proposed Central Access Policy does not grant the same access permissions as the current Central Access Policy."
href: event-4818.md
- name: Audit Audit Policy Change
href: audit-audit-policy-change.md
items:
- name: "Event 4670 S: Permissions on an object were changed."
href: event-4670.md
- name: "Event 4715 S: The audit policy, SACL, on an object was changed."
href: event-4715.md
- name: "Event 4719 S: System audit policy was changed."
href: event-4719.md
- name: "Event 4817 S: Auditing settings on object were changed."
href: event-4817.md
- name: "Event 4902 S: The Per-user audit policy table was created."
href: event-4902.md
- name: "Event 4906 S: The CrashOnAuditFail value has changed."
href: event-4906.md
- name: "Event 4907 S: Auditing settings on object were changed."
href: event-4907.md
- name: "Event 4908 S: Special Groups Logon table modified."
href: event-4908.md
- name: "Event 4912 S: Per User Audit Policy was changed."
href: event-4912.md
- name: "Event 4904 S: An attempt was made to register a security event source."
href: event-4904.md
- name: "Event 4905 S: An attempt was made to unregister a security event source."
href: event-4905.md
- name: Audit Authentication Policy Change
href: audit-authentication-policy-change.md
items:
- name: "Event 4706 S: A new trust was created to a domain."
href: event-4706.md
- name: "Event 4707 S: A trust to a domain was removed."
href: event-4707.md
- name: "Event 4716 S: Trusted domain information was modified."
href: event-4716.md
- name: "Event 4713 S: Kerberos policy was changed."
href: event-4713.md
- name: "Event 4717 S: System security access was granted to an account."
href: event-4717.md
- name: "Event 4718 S: System security access was removed from an account."
href: event-4718.md
- name: "Event 4739 S: Domain Policy was changed."
href: event-4739.md
- name: "Event 4864 S: A namespace collision was detected."
href: event-4864.md
- name: "Event 4865 S: A trusted forest information entry was added."
href: event-4865.md
- name: "Event 4866 S: A trusted forest information entry was removed."
href: event-4866.md
- name: "Event 4867 S: A trusted forest information entry was modified."
href: event-4867.md
- name: Audit Authorization Policy Change
href: audit-authorization-policy-change.md
items:
- name: "Event 4703 S: A user right was adjusted."
href: event-4703.md
- name: "Event 4704 S: A user right was assigned."
href: event-4704.md
- name: "Event 4705 S: A user right was removed."
href: event-4705.md
- name: "Event 4670 S: Permissions on an object were changed."
href: event-4670.md
- name: "Event 4911 S: Resource attributes of the object were changed."
href: event-4911.md
- name: "Event 4913 S: Central Access Policy on the object was changed."
href: event-4913.md
- name: Audit Filtering Platform Policy Change
href: audit-filtering-platform-policy-change.md
- name: Audit MPSSVC Rule-Level Policy Change
href: audit-mpssvc-rule-level-policy-change.md
items:
- name: "Event 4944 S: The following policy was active when the Windows Firewall started."
href: event-4944.md
- name: "Event 4945 S: A rule was listed when the Windows Firewall started."
href: event-4945.md
- name: "Event 4946 S: A change has been made to Windows Firewall exception list. A rule was added."
href: event-4946.md
- name: "Event 4947 S: A change has been made to Windows Firewall exception list. A rule was modified."
href: event-4947.md
- name: "Event 4948 S: A change has been made to Windows Firewall exception list. A rule was deleted."
href: event-4948.md
- name: "Event 4949 S: Windows Firewall settings were restored to the default values."
href: event-4949.md
- name: "Event 4950 S: A Windows Firewall setting has changed."
href: event-4950.md
- name: "Event 4951 F: A rule has been ignored because its major version number was not recognized by Windows Firewall."
href: event-4951.md
- name: "Event 4952 F: Parts of a rule have been ignored because its minor version number was not recognized by Windows Firewall. The other parts of the rule will be enforced."
href: event-4952.md
- name: "Event 4953 F: Windows Firewall ignored a rule because it could not be parsed."
href: event-4953.md
- name: "Event 4954 S: Windows Firewall Group Policy settings have changed. The new settings have been applied."
href: event-4954.md
- name: "Event 4956 S: Windows Firewall has changed the active profile."
href: event-4956.md
- name: "Event 4957 F: Windows Firewall did not apply the following rule."
href: event-4957.md
- name: "Event 4958 F: Windows Firewall did not apply the following rule because the rule referred to items not configured on this computer."
href: event-4958.md
- name: Audit Other Policy Change Events
href: audit-other-policy-change-events.md
items:
- name: "Event 4714 S: Encrypted data recovery policy was changed."
href: event-4714.md
- name: "Event 4819 S: Central Access Policies on the machine have been changed."
href: event-4819.md
- name: "Event 4826 S: Boot Configuration Data loaded."
href: event-4826.md
- name: "Event 4909: The local policy settings for the TBS were changed."
href: event-4909.md
- name: "Event 4910: The group policy settings for the TBS were changed."
href: event-4910.md
- name: "Event 5063 S, F: A cryptographic provider operation was attempted."
href: event-5063.md
- name: "Event 5064 S, F: A cryptographic context operation was attempted."
href: event-5064.md
- name: "Event 5065 S, F: A cryptographic context modification was attempted."
href: event-5065.md
- name: "Event 5066 S, F: A cryptographic function operation was attempted."
href: event-5066.md
- name: "Event 5067 S, F: A cryptographic function modification was attempted."
href: event-5067.md
- name: "Event 5068 S, F: A cryptographic function provider operation was attempted."
href: event-5068.md
- name: "Event 5069 S, F: A cryptographic function property operation was attempted."
href: event-5069.md
- name: "Event 5070 S, F: A cryptographic function property modification was attempted."
href: event-5070.md
- name: "Event 5447 S: A Windows Filtering Platform filter has been changed."
href: event-5447.md
- name: "Event 6144 S: Security policy in the group policy objects has been applied successfully."
href: event-6144.md
- name: "Event 6145 F: One or more errors occurred while processing security policy in the group policy objects."
href: event-6145.md
- name: Audit Sensitive Privilege Use
href: audit-sensitive-privilege-use.md
items:
- name: "Event 4673 S, F: A privileged service was called."
href: event-4673.md
- name: "Event 4674 S, F: An operation was attempted on a privileged object."
href: event-4674.md
- name: "Event 4985 S: The state of a transaction has changed."
href: event-4985.md
- name: Audit Non Sensitive Privilege Use
href: audit-non-sensitive-privilege-use.md
items:
- name: "Event 4673 S, F: A privileged service was called."
href: event-4673.md
- name: "Event 4674 S, F: An operation was attempted on a privileged object."
href: event-4674.md
- name: "Event 4985 S: The state of a transaction has changed."
href: event-4985.md
- name: Audit Other Privilege Use Events
href: audit-other-privilege-use-events.md
items:
- name: "Event 4985 S: The state of a transaction has changed."
href: event-4985.md
- name: Audit IPsec Driver
href: audit-ipsec-driver.md
- name: Audit Other System Events
href: audit-other-system-events.md
items:
- name: "Event 5024 S: The Windows Firewall Service has started successfully."
href: event-5024.md
- name: "Event 5025 S: The Windows Firewall Service has been stopped."
href: event-5025.md
- name: "Event 5027 F: The Windows Firewall Service was unable to retrieve the security policy from the local storage. The service will continue enforcing the current policy."
href: event-5027.md
- name: "Event 5028 F: The Windows Firewall Service was unable to parse the new security policy. The service will continue with currently enforced policy."
href: event-5028.md
- name: "Event 5029 F: The Windows Firewall Service failed to initialize the driver. The service will continue to enforce the current policy."
href: event-5029.md
- name: "Event 5030 F: The Windows Firewall Service failed to start."
href: event-5030.md
- name: "Event 5032 F: Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network."
href: event-5032.md
- name: "Event 5033 S: The Windows Firewall Driver has started successfully."
href: event-5033.md
- name: "Event 5034 S: The Windows Firewall Driver was stopped."
href: event-5034.md
- name: "Event 5035 F: The Windows Firewall Driver failed to start."
href: event-5035.md
- name: "Event 5037 F: The Windows Firewall Driver detected critical runtime error. Terminating."
href: event-5037.md
- name: "Event 5058 S, F: Key file operation."
href: event-5058.md
- name: "Event 5059 S, F: Key migration operation."
href: event-5059.md
- name: "Event 6400: BranchCache: Received an incorrectly formatted response while discovering availability of content."
href: event-6400.md
- name: "Event 6401: BranchCache: Received invalid data from a peer. Data discarded."
href: event-6401.md
- name: "Event 6402: BranchCache: The message to the hosted cache offering it data is incorrectly formatted."
href: event-6402.md
- name: "Event 6403: BranchCache: The hosted cache sent an incorrectly formatted response to the client."
href: event-6403.md
- name: "Event 6404: BranchCache: Hosted cache could not be authenticated using the provisioned SSL certificate."
href: event-6404.md
- name: "Event 6405: BranchCache: %2 instances of event id %1 occurred."
href: event-6405.md
- name: "Event 6406: %1 registered to Windows Firewall to control filtering for the following: %2."
href: event-6406.md
- name: "Event 6407: 1%."
href: event-6407.md
- name: "Event 6408: Registered product %1 failed and Windows Firewall is now controlling the filtering for %2."
href: event-6408.md
- name: "Event 6409: BranchCache: A service connection point object could not be parsed."
href: event-6409.md
- name: Audit Security State Change
href: audit-security-state-change.md
items:
- name: "Event 4608 S: Windows is starting up."
href: event-4608.md
- name: "Event 4616 S: The system time was changed."
href: event-4616.md
- name: "Event 4621 S: Administrator recovered system from CrashOnAuditFail."
href: event-4621.md
- name: Audit Security System Extension
href: audit-security-system-extension.md
items:
- name: "Event 4610 S: An authentication package has been loaded by the Local Security Authority."
href: event-4610.md
- name: "Event 4611 S: A trusted logon process has been registered with the Local Security Authority."
href: event-4611.md
- name: "Event 4614 S: A notification package has been loaded by the Security Account Manager."
href: event-4614.md
- name: "Event 4622 S: A security package has been loaded by the Local Security Authority."
href: event-4622.md
- name: "Event 4697 S: A service was installed in the system."
href: event-4697.md
- name: Audit System Integrity
href: audit-system-integrity.md
items:
- name: "Event 4612 S: Internal resources allocated for the queuing of audit messages have been exhausted, leading to the loss of some audits."
href: event-4612.md
- name: "Event 4615 S: Invalid use of LPC port."
href: event-4615.md
- name: "Event 4618 S: A monitored security event pattern has occurred."
href: event-4618.md
- name: "Event 4816 S: RPC detected an integrity violation while decrypting an incoming message."
href: event-4816.md
- name: "Event 5038 F: Code integrity determined that the image hash of a file is not valid."
href: event-5038.md
- name: "Event 5056 S: A cryptographic self-test was performed."
href: event-5056.md
- name: "Event 5062 S: A kernel-mode cryptographic self-test was performed."
href: event-5062.md
- name: "Event 5057 F: A cryptographic primitive operation failed."
href: event-5057.md
- name: "Event 5060 F: Verification operation failed."
href: event-5060.md
- name: "Event 5061 S, F: Cryptographic operation."
href: event-5061.md
- name: "Event 6281 F: Code Integrity determined that the page hashes of an image file are not valid."
href: event-6281.md
- name: "Event 6410 F: Code integrity determined that a file does not meet the security requirements to load into a process."
href: event-6410.md
- name: Other Events
href: other-events.md
items:
- name: "Event 1100 S: The event logging service has shut down."
href: event-1100.md
- name: "Event 1102 S: The audit log was cleared."
href: event-1102.md
- name: "Event 1104 S: The security log is now full."
href: event-1104.md
- name: "Event 1105 S: Event log automatic backup."
href: event-1105.md
- name: "Event 1108 S: The event logging service encountered an error while processing an incoming event published from %1."
href: event-1108.md
- name: "Appendix A: Security monitoring recommendations for many audit events"
href: appendix-a-security-monitoring-recommendations-for-many-audit-events.md
- name: Registry (Global Object Access Auditing)
href: registry-global-object-access-auditing.md
- name: File System (Global Object Access Auditing)
href: file-system-global-object-access-auditing.md

349
windows/security/threat-protection/security-policy-settings/TOC.yml Normal file
View File

@ -0,0 +1,349 @@
- name: Security policy settings
href: security-policy-settings.md
items:
- name: Administer security policy settings
href: administer-security-policy-settings.md
items:
- name: Network List Manager policies
href: network-list-manager-policies.md
- name: Configure security policy settings
href: how-to-configure-security-policy-settings.md
- name: Security policy settings reference
href: security-policy-settings-reference.md
items:
- name: Account Policies
href: account-policies.md
items:
- name: Password Policy
href: password-policy.md
items:
- name: Enforce password history
href: enforce-password-history.md
- name: Maximum password age
href: maximum-password-age.md
- name: Minimum password age
href: minimum-password-age.md
- name: Minimum password length
href: minimum-password-length.md
- name: Password must meet complexity requirements
href: password-must-meet-complexity-requirements.md
- name: Store passwords using reversible encryption
href: store-passwords-using-reversible-encryption.md
- name: Account Lockout Policy
href: account-lockout-policy.md
items:
- name: Account lockout duration
href: account-lockout-duration.md
- name: Account lockout threshold
href: account-lockout-threshold.md
- name: Reset account lockout counter after
href: reset-account-lockout-counter-after.md
- name: Kerberos Policy
href: kerberos-policy.md
items:
- name: Enforce user logon restrictions
href: enforce-user-logon-restrictions.md
- name: Maximum lifetime for service ticket
href: maximum-lifetime-for-service-ticket.md
- name: Maximum lifetime for user ticket
href: maximum-lifetime-for-user-ticket.md
- name: Maximum lifetime for user ticket renewal
href: maximum-lifetime-for-user-ticket-renewal.md
- name: Maximum tolerance for computer clock synchronization
href: maximum-tolerance-for-computer-clock-synchronization.md
- name: Audit Policy
href: audit-policy.md
- name: Security Options
href: security-options.md
items:
- name: "Accounts: Administrator account status"
href: accounts-administrator-account-status.md
- name: "Accounts: Block Microsoft accounts"
href: accounts-block-microsoft-accounts.md
- name: "Accounts: Guest account status"
href: accounts-guest-account-status.md
- name: "Accounts: Limit local account use of blank passwords to console logon only"
href: accounts-limit-local-account-use-of-blank-passwords-to-console-logon-only.md
- name: "Accounts: Rename administrator account"
href: accounts-rename-administrator-account.md
- name: "Accounts: Rename guest account"
href: accounts-rename-guest-account.md
- name: "Audit: Audit the access of global system objects"
href: audit-audit-the-access-of-global-system-objects.md
- name: "Audit: Audit the use of Backup and Restore privilege"
href: audit-audit-the-use-of-backup-and-restore-privilege.md
- name: "Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings"
href: audit-force-audit-policy-subcategory-settings-to-override.md
- name: "Audit: Shut down system immediately if unable to log security audits"
href: audit-shut-down-system-immediately-if-unable-to-log-security-audits.md
- name: "DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax"
href: dcom-machine-access-restrictions-in-security-descriptor-definition-language-sddl-syntax.md
- name: "DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax"
href: dcom-machine-launch-restrictions-in-security-descriptor-definition-language-sddl-syntax.md
- name: "Devices: Allow undock without having to log on"
href: devices-allow-undock-without-having-to-log-on.md
- name: "Devices: Allowed to format and eject removable media"
href: devices-allowed-to-format-and-eject-removable-media.md
- name: "Devices: Prevent users from installing printer drivers"
href: devices-prevent-users-from-installing-printer-drivers.md
- name: "Devices: Restrict CD-ROM access to locally logged-on user only"
href: devices-restrict-cd-rom-access-to-locally-logged-on-user-only.md
- name: "Devices: Restrict floppy access to locally logged-on user only"
href: devices-restrict-floppy-access-to-locally-logged-on-user-only.md
- name: "Domain controller: Allow server operators to schedule tasks"
href: domain-controller-allow-server-operators-to-schedule-tasks.md
- name: "Domain controller: LDAP server signing requirements"
href: domain-controller-ldap-server-signing-requirements.md
- name: "Domain controller: Refuse machine account password changes"
href: domain-controller-refuse-machine-account-password-changes.md
- name: "Domain member: Digitally encrypt or sign secure channel data (always)"
href: domain-member-digitally-encrypt-or-sign-secure-channel-data-always.md
- name: "Domain member: Digitally encrypt secure channel data (when possible)"
href: domain-member-digitally-encrypt-secure-channel-data-when-possible.md
- name: "Domain member: Digitally sign secure channel data (when possible)"
href: domain-member-digitally-sign-secure-channel-data-when-possible.md
- name: "Domain member: Disable machine account password changes"
href: domain-member-disable-machine-account-password-changes.md
- name: "Domain member: Maximum machine account password age"
href: domain-member-maximum-machine-account-password-age.md
- name: "Domain member: Require strong (Windows 2000 or later) session key"
href: domain-member-require-strong-windows-2000-or-later-session-key.md
- name: "Interactive logon: Display user information when the session is locked"
href: interactive-logon-display-user-information-when-the-session-is-locked.md
- name: "Interactive logon: Don't display last signed-in"
href: interactive-logon-do-not-display-last-user-name.md
- name: "Interactive logon: Don't display username at sign-in"
href: interactive-logon-dont-display-username-at-sign-in.md
- name: "Interactive logon: Do not require CTRL+ALT+DEL"
href: interactive-logon-do-not-require-ctrl-alt-del.md
- name: "Interactive logon: Machine account lockout threshold"
href: interactive-logon-machine-account-lockout-threshold.md
- name: "Interactive logon: Machine inactivity limit"
href: interactive-logon-machine-inactivity-limit.md
- name: "Interactive logon: Message text for users attempting to log on"
href: interactive-logon-message-text-for-users-attempting-to-log-on.md
- name: "Interactive logon: Message title for users attempting to log on"
href: interactive-logon-message-title-for-users-attempting-to-log-on.md
- name: "Interactive logon: Number of previous logons to cache (in case domain controller is not available)"
href: interactive-logon-number-of-previous-logons-to-cache-in-case-domain-controller-is-not-available.md
- name: "Interactive logon: Prompt user to change password before expiration"
href: interactive-logon-prompt-user-to-change-password-before-expiration.md
- name: "Interactive logon: Require Domain Controller authentication to unlock workstation"
href: interactive-logon-require-domain-controller-authentication-to-unlock-workstation.md
- name: "Interactive logon: Require smart card"
href: interactive-logon-require-smart-card.md
- name: "Interactive logon: Smart card removal behavior"
href: interactive-logon-smart-card-removal-behavior.md
- name: "Microsoft network client: Digitally sign communications (always)"
href: microsoft-network-client-digitally-sign-communications-always.md
- name: "SMBv1 Microsoft network client: Digitally sign communications (always)"
href: smbv1-microsoft-network-client-digitally-sign-communications-always.md
- name: "SMBv1 Microsoft network client: Digitally sign communications (if server agrees)"
href: smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md
- name: "Microsoft network client: Send unencrypted password to third-party SMB servers"
href: microsoft-network-client-send-unencrypted-password-to-third-party-smb-servers.md
- name: "Microsoft network server: Amount of idle time required before suspending session"
href: microsoft-network-server-amount-of-idle-time-required-before-suspending-session.md
- name: "Microsoft network server: Attempt S4U2Self to obtain claim information"
href: microsoft-network-server-attempt-s4u2self-to-obtain-claim-information.md
- name: "Microsoft network server: Digitally sign communications (always)"
href: microsoft-network-server-digitally-sign-communications-always.md
- name: "SMBv1 Microsoft network server: Digitally sign communications (always)"
href: smbv1-microsoft-network-server-digitally-sign-communications-always.md
- name: "SMBv1 Microsoft network server: Digitally sign communications (if client agrees)"
href: smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees.md
- name: "Microsoft network server: Disconnect clients when logon hours expire"
href: microsoft-network-server-disconnect-clients-when-logon-hours-expire.md
- name: "Microsoft network server: Server SPN target name validation level"
href: microsoft-network-server-server-spn-target-name-validation-level.md
- name: "Network access: Allow anonymous SID/Name translation"
href: network-access-allow-anonymous-sidname-translation.md
- name: "Network access: Do not allow anonymous enumeration of SAM accounts"
href: network-access-do-not-allow-anonymous-enumeration-of-sam-accounts.md
- name: "Network access: Do not allow anonymous enumeration of SAM accounts and shares"
href: network-access-do-not-allow-anonymous-enumeration-of-sam-accounts-and-shares.md
- name: "Network access: Do not allow storage of passwords and credentials for network authentication"
href: network-access-do-not-allow-storage-of-passwords-and-credentials-for-network-authentication.md
- name: "Network access: Let Everyone permissions apply to anonymous users"
href: network-access-let-everyone-permissions-apply-to-anonymous-users.md
- name: "Network access: Named Pipes that can be accessed anonymously"
href: network-access-named-pipes-that-can-be-accessed-anonymously.md
- name: "Network access: Remotely accessible registry paths"
href: network-access-remotely-accessible-registry-paths.md
- name: "Network access: Remotely accessible registry paths and subpaths"
href: network-access-remotely-accessible-registry-paths-and-subpaths.md
- name: "Network access: Restrict anonymous access to Named Pipes and Shares"
href: network-access-restrict-anonymous-access-to-named-pipes-and-shares.md
- name: "Network access: Restrict clients allowed to make remote calls to SAM"
href: network-access-restrict-clients-allowed-to-make-remote-sam-calls.md
- name: "Network access: Shares that can be accessed anonymously"
href: network-access-shares-that-can-be-accessed-anonymously.md
- name: "Network access: Sharing and security model for local accounts"
href: network-access-sharing-and-security-model-for-local-accounts.md
- name: "Network security: Allow Local System to use computer identity for NTLM"
href: network-security-allow-local-system-to-use-computer-identity-for-ntlm.md
- name: "Network security: Allow LocalSystem NULL session fallback"
href: network-security-allow-localsystem-null-session-fallback.md
- name: "Network security: Allow PKU2U authentication requests to this computer to use online identities"
href: network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities.md
- name: "Network security: Configure encryption types allowed for Kerberos"
href: network-security-configure-encryption-types-allowed-for-kerberos.md
- name: "Network security: Do not store LAN Manager hash value on next password change"
href: network-security-do-not-store-lan-manager-hash-value-on-next-password-change.md
- name: "Network security: Force logoff when logon hours expire"
href: network-security-force-logoff-when-logon-hours-expire.md
- name: "Network security: LAN Manager authentication level"
href: network-security-lan-manager-authentication-level.md
- name: "Network security: LDAP client signing requirements"
href: network-security-ldap-client-signing-requirements.md
- name: "Network security: Minimum session security for NTLM SSP based (including secure RPC) clients"
href: network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-clients.md
- name: "Network security: Minimum session security for NTLM SSP based (including secure RPC) servers"
href: network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-servers.md
- name: "Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication"
href: network-security-restrict-ntlm-add-remote-server-exceptions-for-ntlm-authentication.md
- name: "Network security: Restrict NTLM: Add server exceptions in this domain"
href: network-security-restrict-ntlm-add-server-exceptions-in-this-domain.md
- name: "Network security: Restrict NTLM: Audit incoming NTLM traffic"
href: network-security-restrict-ntlm-audit-incoming-ntlm-traffic.md
- name: "Network security: Restrict NTLM: Audit NTLM authentication in this domain"
href: network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md
- name: "Network security: Restrict NTLM: Incoming NTLM traffic"
href: network-security-restrict-ntlm-incoming-ntlm-traffic.md
- name: "Network security: Restrict NTLM: NTLM authentication in this domain"
href: network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md
- name: "Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers"
href: network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md
- name: "Recovery console: Allow automatic administrative logon"
href: recovery-console-allow-automatic-administrative-logon.md
- name: "Recovery console: Allow floppy copy and access to all drives and folders"
href: recovery-console-allow-floppy-copy-and-access-to-all-drives-and-folders.md
- name: "Shutdown: Allow system to be shut down without having to log on"
href: shutdown-allow-system-to-be-shut-down-without-having-to-log-on.md
- name: "Shutdown: Clear virtual memory pagefile"
href: shutdown-clear-virtual-memory-pagefile.md
- name: "System cryptography: Force strong key protection for user keys stored on the computer"
href: system-cryptography-force-strong-key-protection-for-user-keys-stored-on-the-computer.md
- name: "System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing"
href: system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md
- name: "System objects: Require case insensitivity for non-Windows subsystems"
href: system-objects-require-case-insensitivity-for-non-windows-subsystems.md
- name: "System objects: Strengthen default permissions of internal system objects (Symbolic Links)"
href: system-objects-strengthen-default-permissions-of-internal-system-objects.md
- name: "System settings: Optional subsystems"
href: system-settings-optional-subsystems.md
- name: "System settings: Use certificate rules on Windows executables for Software Restriction Policies"
href: system-settings-use-certificate-rules-on-windows-executables-for-software-restriction-policies.md
- name: "User Account Control: Admin Approval Mode for the Built-in Administrator account"
href: user-account-control-admin-approval-mode-for-the-built-in-administrator-account.md
- name: "User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop"
href: user-account-control-allow-uiaccess-applications-to-prompt-for-elevation-without-using-the-secure-desktop.md
- name: "User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode"
href: user-account-control-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode.md
- name: "User Account Control: Behavior of the elevation prompt for standard users"
href: user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md
- name: "User Account Control: Detect application installations and prompt for elevation"
href: user-account-control-detect-application-installations-and-prompt-for-elevation.md
- name: "User Account Control: Only elevate executables that are signed and validated"
href: user-account-control-only-elevate-executables-that-are-signed-and-validated.md
- name: "User Account Control: Only elevate UIAccess applications that are installed in secure locations"
href: user-account-control-only-elevate-uiaccess-applications-that-are-installed-in-secure-locations.md
- name: "User Account Control: Run all administrators in Admin Approval Mode"
href: user-account-control-run-all-administrators-in-admin-approval-mode.md
- name: "User Account Control: Switch to the secure desktop when prompting for elevation"
href: user-account-control-switch-to-the-secure-desktop-when-prompting-for-elevation.md
- name: "User Account Control: Virtualize file and registry write failures to per-user locations"
href: user-account-control-virtualize-file-and-registry-write-failures-to-per-user-locations.md
- name: Advanced security audit policy settings
href: secpol-advanced-security-audit-policy-settings.md
- name: User Rights Assignment
href: user-rights-assignment.md
items:
- name: Access Credential Manager as a trusted caller
href: access-credential-manager-as-a-trusted-caller.md
- name: Access this computer from the network
href: access-this-computer-from-the-network.md
- name: Act as part of the operating system
href: act-as-part-of-the-operating-system.md
- name: Add workstations to domain
href: add-workstations-to-domain.md
- name: Adjust memory quotas for a process
href: adjust-memory-quotas-for-a-process.md
- name: Allow log on locally
href: allow-log-on-locally.md
- name: Allow log on through Remote Desktop Services
href: allow-log-on-through-remote-desktop-services.md
- name: Back up files and directories
href: back-up-files-and-directories.md
- name: Bypass traverse checking
href: bypass-traverse-checking.md
- name: Change the system time
href: change-the-system-time.md
- name: Change the time zone
href: change-the-time-zone.md
- name: Create a pagefile
href: create-a-pagefile.md
- name: Create a token object
href: create-a-token-object.md
- name: Create global objects
href: create-global-objects.md
- name: Create permanent shared objects
href: create-permanent-shared-objects.md
- name: Create symbolic links
href: create-symbolic-links.md
- name: Debug programs
href: debug-programs.md
- name: Deny access to this computer from the network
href: deny-access-to-this-computer-from-the-network.md
- name: Deny log on as a batch job
href: deny-log-on-as-a-batch-job.md
- name: Deny log on as a service
href: deny-log-on-as-a-service.md
- name: Deny log on locally
href: deny-log-on-locally.md
- name: Deny log on through Remote Desktop Services
href: deny-log-on-through-remote-desktop-services.md
- name: Enable computer and user accounts to be trusted for delegation
href: enable-computer-and-user-accounts-to-be-trusted-for-delegation.md
- name: Force shutdown from a remote system
href: force-shutdown-from-a-remote-system.md
- name: Generate security audits
href: generate-security-audits.md
- name: Impersonate a client after authentication
href: impersonate-a-client-after-authentication.md
- name: Increase a process working set
href: increase-a-process-working-set.md
- name: Increase scheduling priority
href: increase-scheduling-priority.md
- name: Load and unload device drivers
href: load-and-unload-device-drivers.md
- name: Lock pages in memory
href: lock-pages-in-memory.md
- name: Log on as a batch job
href: log-on-as-a-batch-job.md
- name: Log on as a service
href: log-on-as-a-service.md
- name: Manage auditing and security log
href: manage-auditing-and-security-log.md
- name: Modify an object label
href: modify-an-object-label.md
- name: Modify firmware environment values
href: modify-firmware-environment-values.md
- name: Perform volume maintenance tasks
href: perform-volume-maintenance-tasks.md
- name: Profile single process
href: profile-single-process.md
- name: Profile system performance
href: profile-system-performance.md
- name: Remove computer from docking station
href: remove-computer-from-docking-station.md
- name: Replace a process level token
href: replace-a-process-level-token.md
- name: Restore files and directories
href: restore-files-and-directories.md
- name: Shut down the system
href: shut-down-the-system.md
- name: Synchronize directory service data
href: synchronize-directory-service-data.md
- name: Take ownership of files or other objects
href: take-ownership-of-files-or-other-objects.md